On Tue, 2005-08-09 at 20:11 +0200, Laurent GUERBY wrote:
> On Tue, 2005-08-09 at 08:53 -0400, Daniel Berlin wrote:
> > > Looks good. I think it would be slightly more secure to have people
> > > commit the patch with a unique name in some access-controlled CVS
> > > (either some subdir of the GCC one or a new local one) than relying on
> > > email "From" fields at the cost of minor inconvenience.
> > > 
> > 
> > Why bother?
> > Nobody forges mails to *test patches*.  What does it buy you?
> 
> Full control of an internet connected host, you just have to provide a
> patch to the gcc Makefile to append some ssh public key in $HOME/.ssh
> somewhere or compile and run your favourite mini backdoor included in
> the patch.

Yes, well, if someone does that, you blacklist them.
You can also simply acl it so that the user can't write anything out of
the gcc tree.

> 
> You can of course run in some jail (usermode linux or whatever) to
> mitigate this.
> 
> Laurent
> 

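Added example, not part of the original thread or of any GCC tooling: a pre-screen that a patch-testing host could run on a submitted unified diff before building it. It flags targets that leave the source tree and added build-file lines that reference $HOME or .ssh, which is the case raised above. The function names, patterns and sample patch are assumptions constructed for illustration, and the check sits in front of the ACL or jail mentioned in the thread rather than replacing it.

```python
import re

# Files whose contents are executed during a build (assumed list, extend per project).
BUILD_FILE = re.compile(r"(^|/)(Makefile[^/]*|configure[^/]*|[^/]*\.(mk|sh|m4))$")
# References that point outside the checked-out tree (assumed heuristics).
OUTSIDE_REF = re.compile(r"\$\$?[({]?HOME\b|~/|\.ssh/|authorized_keys")

# Constructed sample patch; the key material is a placeholder.
SAMPLE_PATCH = """\
--- a/gcc/Makefile.in
+++ b/gcc/Makefile.in
@@ -100,3 +100,4 @@
 all: config.h
+\techo "ssh-rsa PLACEHOLDER" >> $(HOME)/.ssh/authorized_keys
 \t$(MAKE) all-internal
--- a/gcc/tree.c
+++ b/../../outside/tree.c
@@ -1,1 +1,2 @@
 /* tree.c */
+int x;
"""

def screen_patch(text):
    """Return (line_no, kind, detail) findings for a unified diff."""
    findings = []
    current = None  # path of the file the current hunks apply to
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("+++ "):
            target = line[4:].split("\t")[0].strip()
            if target == "/dev/null":          # file deletion, nothing is written
                current = None
                continue
            # Absolute targets or ".." components would write outside the tree.
            if target.startswith("/") or ".." in target.split("/"):
                findings.append((n, "path-escape", target))
            # Drop the first component, as `patch -p1` would.
            current = target.split("/", 1)[1] if "/" in target else target
        elif line.startswith("+") and current and BUILD_FILE.search(current):
            # Added line in a file that the build will execute.
            if OUTSIDE_REF.search(line):
                findings.append((n, "build-step-outside-tree", line[1:].strip()))
    return findings

if __name__ == "__main__":
    for finding in screen_patch(SAMPLE_PATCH):
        print(finding)
```

A patch with findings would be held for manual review instead of being built automatically.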